safeguards-plugin
Bucket "ServerlessDeploymentBucket" doesn't have a BucketPolicy forbidding unsecure HTTP access but it does.
Hi, this is related to an issue I opened on serverless/serverless/issues/8076.
It seems that safeguards doesn't accept the Framework policy generated for the deployment bucket even if it did forbid unsecure HTTP access.
Warned - Bucket "ServerlessDeploymentBucket" doesn't have a BucketPolicy forbidding unsecure HTTP access.
The Framework creates such a policy, but internally the resource is referenced via:
{
  "Fn::Join": [
    "",
    [
      "arn:",
      {
        "Ref": "AWS::Partition"
      },
      ":s3:::",
      {
        "Ref": "ServerlessDeploymentBucket"
      },
      "/*"
    ]
  ]
}
While the plugin strictly expects:
{
  "Fn::Join": [
    "",
    [
      "arn:aws:s3:::",
      {
        "Ref": "ServerlessDeploymentBucket"
      },
      "/*"
    ]
  ]
}
And due to that, it doesn't recognize the policy and raises a warning.
Let me know if you need more information.
@KerberosMorphy thanks for reporting. It's definitely a bug that's worth fixing. We welcome a PR that addresses that.
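One way a check could treat the two Resource shapes quoted in this issue as equivalent, shown as an added example that is not the plugin's or the Framework's own code. The function names, the partition pattern and the sample policy statement are assumptions constructed for illustration.

```javascript
// Added example; names and sample data are constructed, not the plugin's own code.

// Replace a literal partition or a Ref to AWS::Partition with one token.
function normalizeLiteral(arn) {
  return arn.replace(/^arn:(aws(-[a-z-]+)?|\$\{AWS::Partition\}):/, 'arn:<partition>:');
}

// Flatten a string or Fn::Join ARN into a comparable string; Ref nodes become
// "${LogicalId}". Returns null for shapes this sketch does not understand.
function normalizeArn(value) {
  if (typeof value === 'string') return normalizeLiteral(value);
  const join = value && value['Fn::Join'];
  if (!Array.isArray(join) || !Array.isArray(join[1])) return null;
  const parts = join[1].map((p) => {
    if (typeof p === 'string') return p;
    return p && typeof p.Ref === 'string' ? '${' + p.Ref + '}' : null;
  });
  return parts.includes(null) ? null : normalizeLiteral(parts.join(join[0]));
}

// True when the statement denies non-TLS requests on every object of the bucket.
function deniesInsecureTransport(statement, bucketLogicalId) {
  const bool = (statement.Condition || {}).Bool || {};
  if (statement.Effect !== 'Deny') return false;
  if (String(bool['aws:SecureTransport']) !== 'false') return false;
  const wanted = 'arn:<partition>:s3:::${' + bucketLogicalId + '}/*';
  return [].concat(statement.Resource || []).map(normalizeArn).includes(wanted);
}

// The two Resource shapes quoted in the issue.
const FRAMEWORK_ARN = { 'Fn::Join': ['', ['arn:', { Ref: 'AWS::Partition' }, ':s3:::',
  { Ref: 'ServerlessDeploymentBucket' }, '/*']] };
const HARDCODED_ARN = { 'Fn::Join': ['', ['arn:aws:s3:::',
  { Ref: 'ServerlessDeploymentBucket' }, '/*']] };

// Constructed policy statement using the Framework's Resource shape.
const SAMPLE_STATEMENT = {
  Effect: 'Deny',
  Principal: '*',
  Action: 's3:*',
  Resource: [FRAMEWORK_ARN],
  Condition: { Bool: { 'aws:SecureTransport': false } },
};

console.log(deniesInsecureTransport(SAMPLE_STATEMENT, 'ServerlessDeploymentBucket'));
```

Comparing normalized ARNs instead of one exact `Fn::Join` literal keeps the check from warning on a policy that already denies non-TLS access, while a statement for a different bucket or with `Effect: Allow` still fails it.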